Backports SLE

DATE	CVE	VULNERABILITY TITLE	RISK
2020-07-22	CVE-2020-6517	Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in history in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google debian opensuse fedoraproject CWE-787	8.8
2020-07-22	CVE-2020-6516	Policy bypass in CORS in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page. network low complexity google debian opensuse fedoraproject	4.3
2020-07-22	CVE-2020-6515	Use After Free vulnerability in multiple products Use after free in tab strip in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google debian opensuse fedoraproject CWE-416	8.8
2020-07-22	CVE-2020-6514	Information Exposure vulnerability in multiple products Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream. network low complexity google opensuse fedoraproject debian canonical apple CWE-200	6.5
2020-07-22	CVE-2020-6513	Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in PDFium in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. network low complexity google opensuse fedoraproject debian CWE-787	8.8
2020-07-22	CVE-2020-6512	Type Confusion vulnerability in multiple products Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google debian opensuse fedoraproject CWE-843	8.8
2020-07-22	CVE-2020-6511	Information Exposure Through an Error Message vulnerability in multiple products Information leak in content security policy in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page. network low complexity google debian opensuse fedoraproject CWE-209	6.5
2020-07-22	CVE-2020-6510	Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in background fetch in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. local low complexity google debian opensuse fedoraproject CWE-787	7.8
2020-06-30	CVE-2020-15396	Race Condition vulnerability in multiple products In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. local low complexity hylafax-project ifax fedoraproject opensuse CWE-362	7.8
2020-06-19	CVE-2020-8164	Deserialization of Untrusted Data vulnerability in multiple products A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information can be inadvertently leaked fromStrong Parameters. network low complexity rubyonrails debian opensuse CWE-502	7.5